PayPal Bug Enables Attackers to Exfiltrate Cash from Users’ Account

This article has been indexed from

CySecurity News – Latest Information Security and Hacking Incidents

 

Malicious actors could exploit a new unpatched security vulnerability in PayPal’s money transfer, a security researcher, named h4x0r_dz, claimed. The security flaw enables attackers to trick victims into unintentionally completing transactions directed by the attacker with a single click, also known as Clickjacking. 

Clickjacking, also called UI redressing, refers to a methodology wherein an unsuspecting user is deceived into clicking seemingly harmless webpage elements like buttons with the motive of installing malware, redirecting to malicious websites, or revealing private information. 

This kind of assault leverages an invisible overlay page or HTML element displayed on top of the visible page. Upon clicking on the legitimate page, victims are clicking the element controlled by the attackers that overlay the legitimate content. 

“Thus, the attacker is ‘hijacking’ clicks meant for [the legitimate] page and routing them to another page, most likely owned by another application, domain, or both,” a security researcher explained in a blog post documenting the findings. <
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: